
Easily Pass the New Identity-and-Access-Management-Architect Exam with Verified & Correct Answers [Jul 30, 2023]
Salesforce Identity-and-Access-Management-Architect is a highly sought-after certification for professionals who specialize in identity and access management. This exam is designed to test a candidate's knowledge and expertise in Salesforce's identity and access management solutions, including user authentication, authorization, and data security.
The Salesforce Certified Identity and Access Management Architect exam covers a range of topics, including Salesforce identity and access management architecture, user authentication and authorization, identity federation, social sign-on, and single sign-on. Candidates are also expected to have a deep understanding of security standards and best practices, including OAuth, SAML, OpenID Connect, and multi-factor authentication. The exam consists of 60 multiple-choice questions, and candidates have 105 minutes to complete it. Passing the exam requires a score of 67% or higher, and the certification is valid for two years. With this certification, individuals can demonstrate their expertise in identity and access management solutions using Salesforce technologies, making them valuable assets to organizations looking to secure their Salesforce environments.
NEW QUESTION # 115
Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?
- A. Use a custom connected app handler using Apex to dynamically allow access to the system based on whether the staff member owns any open "classified" cases.
- B. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
- C. Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.
- D. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove them when the case is closed.
Answer: A
NEW QUESTION # 116
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?
- A. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
- B. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
- C. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
- D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
Answer: A
NEW QUESTION # 117
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?
- A. Verify that the Callback URL is correctly pointing to the new URI Scheme.
- B. Check the Refresh Token policy defined in the Salesforce Connected App.
- C. Validate that the users are checking the box to remember their passwords.
- D. Confirm that the access Token's Time-To-Live policy has been set appropriately.
Answer: B
NEW QUESTION # 118
Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.
At a minimum, which Salesforce license is required to support this requirement?
- A. Identity Connect
- B. Identity Verification
- C. Identity Only
- D. External Identity
Answer: C
NEW QUESTION # 119
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) solution for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers
- A. Identity Connect Licenses
- B. External Identity Licenses
- C. SMS verification Credits
- D. Email Verification Credits
Answer: B,C
NEW QUESTION # 120
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?
- A. Configure a single sign-on setting and a registration handler for each social sign-on provider.
- B. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
- C. Configure a single sign-on setting and a JIT handler for each social sign-on provider.
- D. Configure an authentication provider and a registration handler for each social sign-on provider.
Answer: D
NEW QUESTION # 121
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?
- A. Web Server flow
- B. SAML Bearer Assertion flow
- C. User-Agent flow
- D. Web Application flow
Answer: A
NEW QUESTION # 122
Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses the Mobile Software Development Kit (SDK), leverages a refresh token to regenerate the access token when required, and is distributed as a private app.
The chief security officer is rolling out an org-wide compliance policy to enforce re-verification of devices if an employee has not logged in from that device in the last week.
Which connected app setting should be leveraged to comply with this policy change?
- A. Scope - Deny refresh_token scope for this connected app.
- B. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.
- C. Session Policy - Set timeout value of the connected app to 7 days.
- D. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
Answer: D
NEW QUESTION # 123
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers
- A. The subject element is missing from the assertion sent to Salesforce.
- B. The assertion sent to Salesforce contains an assertion ID previously used.
- C. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
- D. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
Answer: A,B
NEW QUESTION # 124
An architect needs to advise the team that manages the identity provider how to differentiate Salesforce from other service providers. What SAML SSO setting in Salesforce provides this capability?
- A. Entity id
- B. Identity provider login URL
- C. Issuer
- D. SAML identity location
Answer: A
NEW QUESTION # 125
Universal Containers (UC) has built a custom two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an architect should consider?
- A. Replace the custom 2FA system with Salesforce 2FA for the on-premise applications and Salesforce.
- B. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
- C. Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.
- D. Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.
Answer: C
NEW QUESTION # 126
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?
- A. Salesforce Org 2
- B. Financial System
- C. Pingfederate
- D. Salesforce Org 1
Answer: C,D
NEW QUESTION # 127
Universal Containers is building a web application that will connect with the Salesforce API using the JWT OAuth flow.
Which two settings need to be configured in the connected app to support this requirement?
Choose 2 answers
- A. The Use Digital Signature option in the connected app.
- B. The "web" OAuth scope in the connected app.
- C. The "edair_api" OAuth scope in the connected app.
- D. The "api" OAuth scope in the connected app.
Answer: A,D
NEW QUESTION # 128
Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through the App Launcher and a connected app set up? Choose 2 answers
- A. Salesforce is the service provider
- B. Google is the service provider
- C. Google is the identity provider
- D. Salesforce is the identity provider
Answer: A
NEW QUESTION # 129
Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Enforce mutual Authentication between systems using SSL.
- B. Set up a proxy server for the login service in the DMZ.
- C. Include client ID and client secret in the login header callout.
- D. Require the use of Salesforce security Tokens on password.
Answer: D
NEW QUESTION # 130
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?
- A. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
- B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
- C. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
- D. Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Answer: A
NEW QUESTION # 131
Universal Containers (UC) wants to integrate a third-party reward calculation system with Salesforce to calculate rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using OAuth flows in this scenario? Choose 2 answers
- A. OAuth refresh token flow
- B. OAuth username-password flow
- C. OAuth SAML bearer assertion flow
- D. OAuth JWT bearer token flow
Answer: C,D
The Salesforce Certified Identity and Access Management Architect certification exam covers a wide range of topics, including user authentication, authorization, identity management, access control, and data security. Candidates who pass this certification exam demonstrate their ability to design and implement secure solutions that meet the requirements of their organization.